Utah state senator Howard A. Stephenson has introduced a bill that will penalize online “doxing” — unless you are a retailer.
Doxing Disrupts Personal Lives
Stephenson’s bill, S.B. 227, aims to prohibit unauthorized users from disseminating personal identifying information online. This is known commonly as “doxing”. Victims of this practice find their lives disrupted, and often lose their jobs or even need to move house after an incident.
However authorized retailers who gain your personal identifying information through the use of “electronic product identification or tracking systems, or other technology to identify, track, or price goods” are not subject to the offenses. S.B. 227 offenders could receive a misdemeanor or felony sanction.
The bill defines “identifying information” as: social security number, driver license number, non-driver governmental identification number, bank account number, student identification number, credit or debit card number, personal ID number, unique biometric data, or computer password.
Not considered personal “identifying information” is data “that is lawfully available from publicly available information, or from federal, state, or local government records lawfully made available to the general public.”
It’s Different if You’re a Retailer
Retailers will retain the right to be able to collect personal identifying information as long as the equipment to do so is within the retailer’s location.
Consumer data is important to retailers to give them insights on their products. Consumer data can provide more detailed information about buying, selling, or returning merchandise habits. Within that consumer data there can be personal identifying information.
The bill defined the exemption as:
“A retailer that uses an electronic product identification or tracking system, or other technology to identify, track, or price goods is not guilty of a violation of Subsection (2)(a) if the equipment designed to read the electronic product identification or tracking system data and used by the retailer to identify, track, or price goods is located within the retailer’s location.”
However, aggregating all of this personal identifying information makes for some enticing honeypots for hackers to target. If you provide it, it can still be stolen.
The Crimes and Penalties
Unauthorized access or attempts to access computer hardware or software resulting in damages, theft, or “a benefit for any person without legal right” could be penalized with a misdemeanor or felony.
The charges are decided mostly on the monetary value placed on the damages. Offenders can also be penalized if they are attempting to gather personal identifying information with the intent to disseminate information, where others will further spread that information and or harass the victim.
This offense is a misdemeanor unless this is the third offense making the penalty a third degree felony.
Do you think this law is a good idea? Let’s hear your thoughts.
Images via Pixabay